Privacy Pass Authentication for Kagi Search
151 comments
·February 13, 2025drdaeman
Neat! It's rare to see that a service you use actually does something that benefits the user rather that itself. An unexpected, but a really pleasant surprise.
I wish this extension would integrate better with the browser by automatically understanding the context. That is, if I'm in a "regular" mode it'll use my session, but if I'm in a "private browsing" mode (`browser.extension.inIncognitoContext`) it'll use Privacy Pass to authenticate me, without me having to explicitly do anything about it.
(I don't use Orion, as there's no GNU/Linux version.)
_fat_santa
> It's rare to see that a service you use actually does something that benefits the user rather that itself
The reason it's become so rare is most companies in this space (heck tons of tech companies period) have used a business model of offering a thing to one group of users and then turning around and selling the results of that thing to another group of users, where the latter group is the one actually driving your revenue. This by default almost assumes a hostility towards the former group because their interests will of course be at odds with the interests of the latter group.
What's refreshing about Kagi and other new tech companies is they have dumped this model in favor of having just one group that they serve and drive revenue from (ie. the 'old' model).
sxg
The other part to this is that the internet accelerates network-effects, which you can further supercharge by making your product as cheap as possible or free to the former group in your example.
It’s hard to make money by charging a lot to a small group of people since now you’re dealing with anti-network effects. Doubling the price of a product will likely more than halve your user base.
api
This is one of the best explanations I've seen for this phenomenon.
If you try to build a network of paid users, you lose because you'll be run over by 'free' competitors monetizing indirectly.
Klaus23
The downside of this is that if you are not on a larger network, the IP address will probably deanonymise you. Kagi knows you are logged in, and if you open a private browsing window to do a spicy search, they could link the searches. Fast switching between modes is undesirable.
aryonoco
And that's why Kagi has simultaneously rolled out their service availability on tor: http://kagi2pv5bdcxxqla5itjzje2cgdccuwept5ub6patvmvn3qgmgjd6...
Tor has its flaws and criticisms, but it's really not on Kagi to fix them. With the combination of tor and their privacy pass, Kagi has gone further in allowing their paid users access to their services than anyone else.
Disclaimer: Not associated with Kagi in anyway other than being a very happy user.
theschmed
FYI in case you’re not aware, they announced in a podcast near the end of 2024 that a Linux version of Orion is planned.
thibaultmol
yeah, same. I would only use privacy pass for icognito searches COUGH P0RN COUGH mainly (let's be honest). Feel free to submit the idea on kagifeedback.org
mhitza
The post hints at this, but having a shop where one can buy a privacy pass without an account makes sense.
Should support some crypto currency (probably monero), and something like GNU Taler if that technology ever becomes usable.
jacekm
Kagi accepts bitcoins but Vlad (the founder) mentioned on their forum that so few people use this option that it does not make sense to work on accepting Monero.
freediver
(vlad here) Rather, we are opportunistic about it and we want to focus on things that make impact (which most of the time is search, not billing). If there is enough demand, we will work on Monero support - and yes I agree, buying privacy pass tokens, without even needing an account, is one of those super-cool use cases.
loughnane
I know I’m just one guy, but lack of Monero support kept me away.
This feature looks like it narrows the gap a bit though.
Nice work
freedomben
I'd love to pay for Kagi with crypto, the main thing for me is the steep transfer fees. Nevertheless those can be offset somewhat with bulk payments. How about ability to buy like 3 years of Kagi at a time with crypto?
When I try to go into billing in Kagi I just get forwarded to Stripe. Does Stripe process the crypto payments?
null
mhitza
Kagi's privacy guarantee is more of a "trust me bro" and I say that as a Kagi subscriber. While they may claim that they preserve privacy or anonimity as long as it's tied to a user account, or payment information nothing prevents them from associating searches with user. Even protonmail enabled logging for a particular user at one point. Their guarantee is on the same level.
At the same time, privacy pass is a very foreign concept to me. If they are transferable between devices, one could generate a couple and resell them over some other medium (even in person).
freediver
We implemented Privacy Pass exactly so that you do not need to trust any claims we make but as a user have a (provable, cryptographically) mechanism that guarantees this, with one click, whenever you need it.
thibaultmol
the privacy pass extension is open source exactly because users can then verify the process. and yeah, to prevent reselling they've made it so you can't get infinite tokens.
autoexec
I agree that third party stores selling tokens without any account at all would be the ideal solution, but without an account you'd be missing out on many of the features that make kagi worth using like being able to remove certain domains from results or prioritizing types of results over others.
dsp_person
Add the ability to export your account config (yaml?) and use it with privacy pass. Maybe even sync it with git.
To avoid fingerprinting by config, have a page where the community can share and vote on best configs, then clone and use a popular one that suits your needs.
CGamesPlay
This defeats the purpose of Privacy Pass. Something similar is discussed in the post: https://blog.kagi.com/kagi-privacy-pass#:~:text=customizatio...
MostlyStable
One of the biggest complaints about Kagi from people who have not yet adopted it is their privacy concerns around having to login and have payment information.
I'm not one of the people that has been concerned about that, but I'm curious to what extent this alleviates those concerns among those that have had them.
godelski
This seems cool, but I still think the pricing of kagi is rather steep. It is $5/mo for 300 searches a month, which is really going to get you under 10 a day... That's insufficient. Then $10/mo (or $108/yr) for unlimited.
I'm curious if anyone knows, are companies like Google and Microsoft making more than $10/mo/user? We often talk about paying with our data, but it is always unclear how much that data is worth. Kagi does include some numbers, over here[0], but they seem a tad suspicious. The claim is Google makes $23/mo/user, and this would make their service a good value, but the calculation of $76bn US ad revenue (2023) and $277 per user annually gives 274m users. It's close to 80% of the US population, but I though google search was about 90% of global. And I doubt that all ad revenue is coming from search. Does anyone know the real numbers? Googling I get inconsistent answers and also answers based on different conditions and aggregations. But what we'd be interested here is purely in Google /search/ and not anything else.
[0] https://help.kagi.com/kagi/why-kagi/why-pay-for-search.html
MyOutfitIsVague
I don't know nor do I really care what other search companies are making. I pay $10/month for Kagi because it works for me and it's good. I don't even care about Kagi as a company (I don't care about any company); their search works. It's a good product, and I'm happy to keep paying for it as long as it keeps being useful while all the free competitors are still terrible. I use about 2k searches per month.
edit: Even just the ability to rank, pin, and block domains alone is crazy useful. I never need to see Pinterest in any image search results again. If I see a crappy blog spam site, I just block it and it never shows up again. It feels like these are basic, fundamental features that every search engine should have had a long time ago. It's pretty sad that Kagi is getting so much praise for doing things that really should have been standard for at least a decade (not sad in any negative way toward Kagi, but because our standards and expectations for search have dropped this low).
redserk
$10 felt a bit steep until I realized there is probably the economies of scale at play here.
1) There is a marginal payment overhead. I'd assume $0.50-0.75, leaving their amount down to $9-ish.
2) It's a fairly niche product with a still-small userbase. ~40k users at ~$9/mo = $360k/mo (I know there's $5/mo users and $25/mo users but I'd assume there are far more $5/mo and $10/mo users than $25/mo users)
3) They have to keep the service running 24/7/365, so you have to hire devs either across multiple time-zones or compensate them enough to be OK fighting fires at 2am.
autoexec
As the user of a service. payment overhead, a small userbase, and dev salaries aren't my problem. My only concern is what I'm getting for what I'm paying..
$5 a month for fewer than 10 searches a day is clearly not a good deal. $10 a month might be worth it for some, but an extra $15 a month on top of that for AI results is kind of crazy.
MostlyStable
The way I think about it is how much time do I save by having better search results. I'm on a family plan currently, but was on an unlimimited 10/month plan. At the rate I value my time, Kagi needs to save me well under an hour per month through better search results. I'm quite confident it reaches and exceeds that bar relative to google. And that's even before you get into any philosophical/moral preferences for being the direct customer rather than being the product (as in ad-supported services).
redserk
Perhaps the product isn't for you.
I don't know Kagi's financials, but this is usually the case for a lot of products with a smaller customer base. For example, a block of Kraft cheddar will be a lot cheaper than an equivalent-sized block from an organic local dairy. There's always a customer base that is willing to pay for a differentiating feature or value.
I'm satisfied paying for it because the product works well and saves me time. I can't say the same for a lot of the random $10 impulse buys I make in a month.
jjice
That extra $15 a month is for access to LLMs. They currently support the Claudes, the GPTs (not o1), Mistral, Gemini, Llamma, Qwen QWQ, Nova, and DeepSeek. It's currently unlimited access in the standard chat format.
You can also choose if you want the chat to RAG search results into the context for additional info, and then cite those sources. To me, replacing a Claude/ChatGPT subscription with $15 on top of a company I already like, while also getting a bunch of other models was a no-brainer.
phren0logy
For me, it's also about voting with my wallet. I'm not enthusiastic about invasive ad tech. As it stands, nobody else offers what Kagi offers at any price. If there were an equivalent service for $5/month, I'd give it a look, but there isn't.
hedora
If you can pay $10/month for a better search experience, then Google's making way more than that much off your data.
Kagi saves me much more than $10 of time every month. I definitely don't regret the subscription cost. Their LLM thing (append "?" to your internet search query) is worth more than that on its own.
atonse
I support them ($10/mo) because they do a good job and I figured, if I pay, then the likelihood of them using sketchy ways of making money is reduced.
BeetleB
Depends on how you use it. For non-developers, under 10 searches per day on average sounds right. Not everyone has a job where they sit on a computer all day.
For me, I use Kagi only at home for personal use. And most months, I don't exceed 300. Of course, if I included work related searches, then yes - 10 searches won't get me far.
daft_pink
The reason why it's worth it is because its search works really well. I've tried DuckDuckGo, Bing and always subconsciously ended up back at Google. This is the only search service I've used that works better than Google search and I think it's a combination of them not putting ads on the search and the way they let you tweak the search to block poor quality sites. How much it costs them or how much google profits vs your payment is not really relevant to me. It's the best working search engine in my opinion.
HanClinto
I subscribe to an unlimited family plan. When considering how much cleaner my web experience is, it's a no-brainer. Default search engine on all our phones and devices.
They're my portal to the web. It's less like an optional web service (like a streaming service), and it feels more like I'm paying for them to be my ISP.
dcow
I’ve been paying for Kagi for a long time through all their pricing model changes and updates. I have never once hit the search limit. I know they base their tiers on market research of search volume balanced against cost of serving a query. If you’re looking for reasons not to pay for search, you’ll find them. But the pricing model is hardly one. If you want an amazing and respectful search experience, and want to back a company that’s truly doing right by users and innovating at the same time, give Kagi a try!
outime
The biggest flaw I always saw in Kagi has now been addressed by this. Thank you for listening and working to make the product appealing to (almost) everyone!
AutistiCoder
Trying to understand Privacy Pass here.
My understanding is, it's analogous to writing a note to your manager.
That note is a random number written in ink your manager can't actually read; all they can do with that note is sign it. They ask God (used here to represent math itself) how to sign this note, and God gives them a unique signature that also theoretically cannot be used to calculate the number that's written. This signature also proves what you're authorized to do. And then your manager hands the note back to you.
The note's sole function past that point is so you can point to the signature thereon and say "this signature proves I can do this, that, etc."
echoangle
I don’t really understand how the protocol can ensure that the server can’t identify the client.
As far as I understand, the client sends some information A to the server, the server applies some private key X and returns the output B to the client, which then generates tokens C from the output.
If the server uses a different X for every user and then when verifying just checks the X of every user to see which one is valid, couldn’t the server know who created the token?
jerf
Here's a resource I found that walks through the ideas of the protocol, starting with simple implementations that have a problem, and then solving the problem one by one: https://privacypass.github.io/protocol/
I think that's the best conceptual overview of a crypto protocol I've ever seen.
dan353hehe
That is an excellent explanation of how the protocol works. Thank you for bringing it to the discussion!
stebalien
See section 5.5 of the linked paper https://petsymposium.org/popets/2018/popets-2018-0026.php. I'm not sure if/how Kagi implemented this, but the idea is that Kagi's "public" component can be committed to publicly (e.g., in the browser extension itself).
abound
[I implemented this at Kagi]
And you can validate this, if you try to issue a Privacy Pass search without a private token, you'll get a `WWW-Authenticate` header that kicks off the handshake, and that should be the same for all users for a given epoch (month). E.g.
curl -v -H 'X-Kagi-PrivacyPass-Client: true' 'https://kagi.com/search?q=test'echoangle
But how do I validate that I’m actually getting the same value as everyone else? Is the value I should get published somewhere (in a verifiable and not editable way) so I can see that I’m not being tracked?
Or does the extension validate this and the correct value is hardcoded in the extension like stebalien suggested?
echoangle
Thanks for looking it up, that makes sense.
wasabi991011
In the simplest terms, the token generation process B->C is done with the user's private key. So even if the server knows A,X,B they can't link it to the token C.
echoangle
But if the server is allowed to vary X, it can basically act like different servers to each client, and can then when given a token check for which server would have been valid. The solution I got from the other replies is to make sure that the server uses the same X for everyone by verifying it as a client.
Ajedi32
Is this the same Privacy Pass that Cloudflare was using to allow clients to bypass CAPTCHAs? If so, this is a really neat application of that system; it never occurred to me that it could be used to anonymously authenticate to a paid service.
RupertWiser
The cryptography privacy pass is based off [1] actually comes from Ecash[2] so we’ve gone full circle.
[1] https://www.petsymposium.org/2018/files/papers/issue3/popets... [2] https://en.m.wikipedia.org/wiki/Ecash
esafak
I love this company and product. I noticed another great feature today: the ability to filter AI slop in image search! It's the right-most filter: "AI Images".
cobertos
What's to stop someone on the Kagi side from just adding a new column to the token table that has the user (with their SessionCookie) who generated the token next to it? I don't see how this can't be trivially connected to the original token generator.
fvirdia
Implementor here. During the Privacy Pass "issuance" protocol, the client will generate a "message" that the server will process. The output from the server is returned to the client, that further modifies this output to produce the final tokens. The last client modification randomises these tokens in such a way that the server will be unable to identify to what issuance they belong.
The very cool thing is that this is the case even if the server tries to misbehave during their phase. This means that users only need to trust the client software, which we open sourced: https://github.com/kagisearch/privacypass-extension
Some posters are mentioning blind signatures, and indeed Privacy Pass can utilise these as a building block. To be precise, however, I should mention that for Kagi we use "Privately Verifiable Tokens" (https://www.rfc-editor.org/rfc/rfc9578.html#name-issuance-pr...) based on "oblivious pseudorandom functions" (OPRFs), which in my personal view are even cooler than blind signatures
perihelions
That's apparently explained in their citation [1], the paper about cryptographically anonymous token protocols. It's not a simple plaintext token.
https://petsymposium.org/popets/2018/popets-2018-0026.php ("Privacy Pass: Bypassing Internet Challenges Anonymously")
I think Cloudflare implemented the same thing? At least the HN comments link to the same paper,
https://news.ycombinator.com/item?id=19623110 ("Privacy Pass (cloudflare.com)", 53 comments)
ajayyy
The tokens are "generated" on the client, and the server just gives the client enough information to make that locally generated token become "valid", without being able to link that token to a specific validation attempt
sebazzz
So basically the server signs the token and afterwards the server can verify its own signature for every request with that token?
SomeoneOnTheWeb
Exactly the question I had in mind. You can't rely on server side trust so I'm curious if I just misunderstood something...
null
thibaultmol
I think the extension they're using being open source helps with this? because it can be checked in there? not sure
lxgr
I believe "Privacy Pass" uses blind signatures, so the token that the TokenResponse contains can't be correlated to the one provided in the search query, if I understand it correctly.
beeflet
It's a shame that their $5 tier is only 300 searches/month, or 10 searches per day. It's kind of ridiculously low. I could burn through half of that in a single day of debugging
Also I just tried it and you can't really search for porn
null
mulderc
Unlimited is only $10, more than worth it for me.
dingnuts
that's because you're a computer professional and the professional plan is more appropriate for you.
I gave a hundred searches to some normies I know and they told me that they save them to use when Google can't find what they want because Kagi works better (!) so they hoard the searches as backups to Google.
All I know is that I haven't used Google on purpose for a year and it's really turned into an eyesore
If account settings are not possible because you could fingerprint users, then client-side filtering or reordering might be a solution.
Safe-search or not, just transfer both result lists and make the client only show the one you want. Blacklists would hide your blocked crap sites, and the same could be done with languages, where you at least get the results for the bigger ones. It may even be possible to implement the ranking adjustments to some extend.
Client-side filtering would put more load on the server, but I hope the cost increase is tolerable. It could make Privacy Pass available to many more users who don't have overly complex account rules.